From 89d002baaa196b21ac4d4072e21e7451c47a2355 Mon Sep 17 00:00:00 2001 From: Dan Untenzu <untenzu@webit.de> Date: Mon, 20 Feb 2017 16:15:17 +0100 Subject: [PATCH 1/1] [FEATURE] Follow up: Remove further form targets Follow up for commit a12b04d2670d2916008e53b4f5a2cc5f158cb998. Remove further form action targets, if these forms should be send to the same page anyway. In this case we may safely omnit the action attribute and safe some path constructions. --- admin.php | 16 ++++++++-------- index.php | 8 ++++---- lib/functions.php | 6 +++--- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/admin.php b/admin.php index e4321db..230c512 100644 --- a/admin.php +++ b/admin.php @@ -78,7 +78,7 @@ if (php_sapi_name() == "cli") { elseif ((!isset($_SESSION['admin_auth']) || $_SESSION['admin_auth'] != true) && empty($cfg['admin_http_auth_user'])) { require(JIRAFEAU_ROOT . 'lib/template/header.php'); ?> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <fieldset> <table> <tr> @@ -138,7 +138,7 @@ if (php_sapi_name() == "cli") { ?><div id = "admin"> <fieldset><legend><?php echo t('Actions'); ?></legend> <table> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <tr> <input type = "hidden" name = "action" value = "clean"/> <td class = "info"> @@ -150,7 +150,7 @@ if (php_sapi_name() == "cli") { </td> </tr> </form> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <tr> <input type = "hidden" name = "action" value = "clean_async"/> <td class = "info"> @@ -162,7 +162,7 @@ if (php_sapi_name() == "cli") { </td> </tr> </form> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <tr> <input type = "hidden" name = "action" value = "list"/> <td class = "info"> 
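Review bot: The admin forms rewritten from `@@ -138,7` onward submit state-changing actions (`clean`, `clean_async`, and in lib/functions.php `delete_link` and `delete_file`) with only a hidden `action` field and no anti-CSRF token in the lines shown. The `download` and `delete_link` forms in lib/functions.php are visible in full, so for those the absence is certain; the admin.php forms continue past their hunks. The handler that reads `$_POST['action']` is outside this diff, but if it relies on the session cookie alone, a cross-site POST would be accepted on behalf of a logged-in admin. Since every `<form>` tag is being touched anyway, consider adding a per-session token field such as `<input type="hidden" name="csrf_token" value="<?php echo $token; ?>"/>` (names illustrative) and checking it with `hash_equals()` before dispatching. The later admin.php hunks (`search_*`, `logout`) and the index.php `logout` form have the same shape.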
@@ -174,7 +174,7 @@ if (php_sapi_name() == "cli") { </td> </tr> </form> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <tr> <input type = "hidden" name = "action" value = "search_by_name"/> <td class = "info"> @@ -188,7 +188,7 @@ if (php_sapi_name() == "cli") { </td> </tr> </form> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <tr> <input type = "hidden" name = "action" value = "search_by_file_hash"/> <td class = "info"> @@ -202,7 +202,7 @@ if (php_sapi_name() == "cli") { </td> </tr> </form> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <tr> <input type = "hidden" name = "action" value = "search_link"/> <td class = "info"> @@ -217,7 +217,7 @@ if (php_sapi_name() == "cli") { </tr> </form> </table> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <input type = "hidden" name = "action" value = "logout" /> <input type = "submit" value = "<?php echo t('Logout'); ?>" /> </form> diff --git a/index.php b/index.php index 39eded5..6d1dc10 100644 --- a/index.php +++ b/index.php @@ -61,7 +61,7 @@ if (!jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { /* Show auth page. */ if (!isset($_SESSION['upload_auth']) || $_SESSION['upload_auth'] != true) { ?> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <fieldset> <table> <tr> @@ -89,7 +89,7 @@ if (!jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { } } } - + ?> <div id="upload_finished"> <p><?php echo t('File uploaded !') ?></p> @@ -108,7 +108,7 @@ if (!jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { <p><?php echo t('View link') ?>:</p> <p><a id="preview_link" href=""></a></p> </div> - <?php + <?php } ?> <div id="upload_direct_download"> 
@@ -243,7 +243,7 @@ if (!jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) { <?php if (jirafeau_has_upload_password($cfg)) { ?> - <form action = "<?php echo basename(__FILE__); ?>" method = "post"> + <form method="post"> <input type = "hidden" name = "action" value = "logout"/> <input type = "submit" value = "<?php echo t('Logout'); ?>" /> </form> diff --git a/lib/functions.php b/lib/functions.php index 99c11ec..85651ba 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -611,17 +611,17 @@ function jirafeau_admin_list($name, $file_hash, $link_hash) echo '<td>' . strftime('%c', $l['upload_date']) . '</td>'; echo '<td>' . $l['ip'] . '</td>'; echo '<td>' . - '<form action = "admin.php" method = "post">' . + '<form method="post">' . '<input type = "hidden" name = "action" value = "download"/>' . '<input type = "hidden" name = "link" value = "' . $node . '"/>' . '<input type = "submit" value = "' . t('Download') . '" />' . '</form>' . - '<form action = "admin.php" method = "post">' . + '<form method="post">' . '<input type = "hidden" name = "action" value = "delete_link"/>' . '<input type = "hidden" name = "link" value = "' . $node . '"/>' . '<input type = "submit" value = "' . t('Del link') . '" />' . '</form>' . - '<form action = "admin.php" method = "post">' . + '<form method="post">' . '<input type = "hidden" name = "action" value = "delete_file"/>' . '<input type = "hidden" name = "md5" value = "' . $l['md5'] . '"/>' . '<input type = "submit" value = "' . t('Del file and links') . '" />' . -- 2.43.0
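Review bot: `$l['ip']`, `$node` and `$l['md5']` are concatenated into the admin table's HTML and `value` attributes without escaping, in the context lines around all three rewritten `<form>` tags in the lib/functions.php hunk. Where these values originate is outside the hunk; if any of them can be influenced by an uploader or by request headers, it would be rendered as markup inside the admin's session. Escape at output, e.g. `echo '<td>' . htmlspecialchars($l['ip'], ENT_QUOTES, 'UTF-8') . '</td>';`, and likewise for the two `$node` values and `$l['md5']`. `jirafeau_admin_list` begins and ends outside this hunk.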